Unable to deploy a newly created winplatform. "Access denied invalid credentials"

Hi Jakob,

I struggled a lot with this error in several different situations using different versions of Application Server..

What I found out is the same as you've already done, -> The DCOM Hardening updates causes this.

If all the new VM's are fully (or at least recently) updated, I would think that the most likely cause of your error is missing security updates on the GR/IDE/Development node.

Both the "host" and the respective "clients" must have the latest security updates installed in order for deployment to work. If your GR/IDE node is in production, it may be difficult to achieve. Then, If you decide to update the GR, you must also update all the other clients in the existing production network in order to maintain stability.

To confirm that the mismatch in security-updates is the reason, you may check Windows Event Viewer and look for DCOM warnings described  here: support.microsoft.com/.../kb5004442-manage-changes-for-windows-dcom-server-security-feature-bypass-cve-2021-26414-f1400b52-c141-43d2-941e-37ed901c769c

Hi Jakob!

Thank you so much for your reply, it is good to know that this is the most likely cause. I am waiting for feedback from the IT department.

The GR/IDE node is also a new VM, so in total three new VM's

GR node + IDE the default (black) winplatform is deployed there and functioning ok.

AOS node 1 (primary) trying to deploy a winplatform there and not succeeding

AOS node 2 (redundant)  - trying to deploy a winplatform there and not succeeding

and the GR is not in production so no problem there.

I will check if there is a mismatch. I also noticed there is a newly issued patch for 23R2, (crossing fingers that it might help installing that)

thank you Jakob

regards Jakob

Just happy to help! Thank you for additional information about the system. If all 3 VM's are new and all 3 VM's have all the latest windows updates installed, you should not get "Access Denied".

If you still get it, it could be because of a completely "incompatible" Windows version. At least we have experienced some Windows 11 clients that just does not want to accept a deployment, and had to roll these back to WIN10.

Otherwise, if your IT department has not disabled or denied the use of any protocols (NTLM, gRPC, DCOM) or applied restrictive security settings, you might have discovered a new problem

I'm also just trying out the new patch, and they usually fix a lot! But let me know how it goes please, as I'm very interested in having a technical explanation to our customers that need an upgrade!

Just happy to help! Thank you for additional information about the system. If all 3 VM's are new and all 3 VM's have all the latest windows updates installed, you should not get "Access Denied".

If you still get it, it could be because of a completely "incompatible" Windows version. At least we have experienced some Windows 11 clients that just does not want to accept a deployment, and had to roll these back to WIN10.

Otherwise, if your IT department has not disabled or denied the use of any protocols (NTLM, gRPC, DCOM) or applied restrictive security settings, you might have discovered a new problem

I'm also just trying out the new patch, and they usually fix a lot! But let me know how it goes please, as I'm very interested in having a technical explanation to our customers that need an upgrade!

HI Jakob, just to give you some feedback... indeed the IT department has not fully updated the VM's in the new system. I am now waiting for them. I will keep you posted.